Date Submitted:
08/05/05
Comprehensive Anomaly Detection (CAD)
Added by Papergrl
Description:
When researching possible open source solutions, one utility stood out as an example of what we needed to accomplish: portsentry. Portsentry is a port-monitoring tool that is able to take action when a change occurs in the signature of a machine's ports. Put another way, if an intruder accesses a port that is not in the allowed port list, portsentry can automatically add a packet filtering rule (among other responses) to block the intruder from any further connection efforts. Watching how portsentry reacted led to the idea that we could build a set of firewalls that could monitor their own health once they were connected to the Internet. This monitoring went beyond the usual combination of Tripwire and HID/NID systems and included the ability to take automated action in response to detecting a change in the known and expected state of each firewall.
